OpenPGP Browser Support
Daniel Kahn Gillmor
dkg-debian.org at fifthhorseman.net
Thu Jul 24 19:10:15 CEST 2008
On Thu 2008-07-24 01:07:44 -0400, Duane wrote:
> I was pleasantly surprised to learn that OpenPGP has been accepted
> as a RFC, however I'm unable to find a browser or plugin for a
> browser that supports this, is anyone able to enlighten me?
I've yet to find one either, unfortunately. There are two major
fields of work to see this happen successfully:
* adapt one of the browsers that uses gnutls (epiphany? galeon?) to
be able to handle this TLS extension: this includes deciding how to
store a keyring of trusted identity certifiers.
* do the UI work necessary in that browser to let users choose how to
manage their set of trusted identity certifiers.
Some implementation decisions would need to be made:
* do you want to use/interact with the user's standard GPG keyring
for any of this?
* do you want to use the full web-of-trust model, or is a list of
trusted authorities (similar to the current X.509 model)
sufficient?
* how do you plan to match the OpenPGP User IDs to hosts? Is just
the name sufficient? What about alternate ports? (e.g. is
"www.example.com" the User ID you'll look for? or should it be
"https://www.example.com/"? Or for alternate ports (e.g. not 443
for https), should it be "www.example.com:4343" ? I don't believe
the RFC actually specifies what must go here (though i'd be happy
to be shown otherwise).
I'd really love to see this project get underway, but i haven't seen
anyone doing it yet.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 826 bytes
Desc: not available
URL: </pipermail/attachments/20080724/63e758be/attachment.pgp>
More information about the Gnutls-devel
mailing list